Claw Gatekeeper
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a disclosed security gatekeeper, but it asks for persistent control and can auto-approve high-risk agent actions after one confirmation.
Review this skill carefully before installing. If you use it, avoid session approvals for high-risk shell, network, deletion, or skill-install actions unless you understand the matching rules. Install from a pinned, verified source rather than an unpinned latest release, inspect the local scripts before running them, and periodically review whitelists, session approvals, audit logs, and any persistent configuration.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After one approval, the agent may continue with other risky shell, install, or network actions without asking again during that session.
The skill can let one user approval cover additional high-impact operations during the session, but the artifacts do not clearly define how narrowly 'similar' operations are matched.
HIGH risk: "Executing shell commands", "Installing skills from external sources", "Network requests to external domains" ... "[s] Allow for this session ⭐ RECOMMENDED" ... "Similar HIGH risk operations will be auto-approved"
Use per-action approval for HIGH-risk categories unless the matching rules are narrowly defined and reviewed; avoid session approval for shell execution, external installs, and network transfers.
A user may install and persist a broad control layer without carefully reviewing what it changes.
The documentation encourages delegating installation of a persistent security-control skill to an agent and discourages human setup review.
"Copy and paste this prompt to your LLM agent" ... "Make it a persistent skill" ... "seriously, let an agent do it. Humans fat-finger configs."
Do not delegate persistent security-tool installation blindly; read the install commands, verify the source, and approve each setup step yourself.
If the upstream release changes or is compromised, the installed persistent skill could differ from what was reviewed here.
The documented install path pulls an unpinned latest release from GitHub before persisting the skill.
curl -L -o claw-gatekeeper.skill https://github.com/stephenlzc/claw-gatekeeper/releases/latest/download/claw-guardian.skill openclaw skill install claw-guardian.skill openclaw skill persist claw-guardian
Prefer a registry install or a pinned release version with a verified checksum before persisting the skill.
An accidental or overly broad whitelist entry could make future risky operations easier to run without review.
The skill stores policy decisions such as whitelists/blacklists that can affect future agent behavior.
"[Y] Always allow (add to whitelist)" ... "Similar operations will be auto-allowed in the future" ... "Be careful not to whitelist dangerous operations"
Use permanent whitelists sparingly, review them regularly, and prefer one-time approvals for operations that modify files, run commands, install skills, or access sensitive paths.
The skill will continue affecting future OpenClaw sessions until disabled or removed.
The skill is explicitly designed to remain active across sessions and influence agent decisions.
"This skill should be loaded as a persistent/resident skill in OpenClaw."
Only enable persistence if you trust the skill and know how to remove it or clear its policies and session approvals.